Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
"license": "MIT", "acceptLicenseTerms": true, "dependencies": { "tesseract.js": "^7.0.0" }, "repository": { "type": "git",- Confidence
- 93% confidence
- Finding
- "tesseract.js": "^7.0.0"
Security audit
Ocr Local Hardened
Security checks across malware telemetry and agentic risk
Overview
This skill is a coherent local OCR tool; its main considerations are the npm dependency and first-run language data download.
Install only if you are comfortable running a Node-based OCR helper and installing tesseract.js from npm. Expect the first OCR run to download language data unless already cached, and review OCR output before sharing it because screenshots can contain credentials or private information.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)
VirusTotal
66/66 vendors flagged this skill as clean.